Microsoft Stretches E-Mail Authentication Patent Claims

Participants in the IETF's MARID working group say the patent application appears to cover technologies in the older SPF standard, which was developed by others prior to the date of the application and is already widely deployed.

Microsofts efforts to jump on the SMTP authentication train have hit a new roadblock. The companys publication of a patent application has started a fresh controvery with the IETFs MARID working group, which is trying to formulate e-mail authentication standards.
According to participants in the working group, the patent appears to cover technologies in the older SPF (Sender Policy Framework) standard, which was developed by others prior to the date of the patent application and is already widely deployed.
At issue is authentication of the mail-from value from the SMTP envelope, described by the RFC 2821 standard. Most of the MARID (MTA Authorization Records in DNS) discussions centered around other mail addresses in the headers, described by RFC 2822.

In recent discussions of the working group, a Microsoft participant named as an inventor in the patent indicated that SPF was not covered by the patent claims. The denial may have only applied to specific implementation details.
AOL has dumped Microsofts Sender ID standard and instead will implement SPF. Click here to read more.
The application was filed Oct. 10, 2003. Meng Wong, the author of SPF, published proposals for repudiating mail based on the mail-from value in June 2003. An even earlier proposal dates to June 2002.
Legal encumbrance on the use of mail-from could upset many industry plans. Ironically, AOL recently announced that it will not implement Sender ID in part due to legal concerns about the standard. There are also many free, open-source implementations of SPF.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Larry Seltzer has been writing software for and English about computers ever since,much to his own amazement,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.